CVE-2025-57892: 
WordPress vulnerability analysis and mitigation

Cross-Site Request Forgery (CSRF) vulnerability affects Jeff Starr's Simple Statistics for Feeds WordPress plugin through version 20250322. The vulnerability was discovered by Nabil Irawan and publicly disclosed on August 22, 2025. This security issue impacts all versions of the Simple Statistics for Feeds plugin up to and including version 20250322 (Patchstack).

The vulnerability stems from missing or incorrect nonce validation on a function within the plugin. The CVSS v3.1 base score is 4.3 (Medium), with the following vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N. This indicates that the vulnerability can be exploited over the network, requires low attack complexity, needs no privileges, but does require user interaction (Rapid7).

The vulnerability allows unauthenticated attackers to perform unauthorized actions by tricking site administrators into performing specific actions, such as clicking on malicious links. The impact primarily affects the integrity of the system, with no direct effect on confidentiality or availability (Patchstack).

The vulnerability has been patched in version 20250820. Users are advised to update to version 20250820 or later to remove the vulnerability. The security issue is considered to have a low severity impact and is unlikely to be exploited (Patchstack).